The compliance world is full of different regulations such as ISO, CMMC, HIPAA, FISMA… You might ask how anyone navigates government regulations. However, a more valuable question would be: could any of these regulations actually benefit your organization?
Today, I would like to focus on the International Organization for Standardization (ISO) regulations. Founded in 1947, ISO was formed to promote and uphold global industrial and commercial standards. You may notice that ISO is backwards from the name of the organization. That’s because the acronym changes between different languages, so they decided to pick one based on the Greek word “isos,” meaning equal.
Like most standards, ISO is a language that describes the best way of doing something. ISO has many different standards that apply to everything from making a product to delivering a service or supplying materials. In other words, let’s make sure we’re all speaking the same language with regard to terms, standards, and units of measurement.
For instance, here are some of the standards ISO covers:
- Quality management standards to help work more efficiently and reduce product failures.
- Environmental management standards to help reduce environmental impacts, reduce waste and be more sustainable.
- Health and safety standards to help reduce accidents in the workplace.
- Energy management standards to help cut energy consumption.
- Food safety standards to help prevent food from being contaminated.
- IT security standards to help keep sensitive information secure.
All the requirements are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides… although some companies are required to be “ISO-certified” in order to do business with certain other organizations (i.e., the government). In fact, the US government recognizes the effort of becoming ISO-certified and will count that effort when selecting organizations for program awards.
Interestingly enough, ISO develops standards but is not involved in the certification process. That’s up to an accredited third-party organization known as the ISO registrar.
If your organization could benefit from being certified in one of the ISO standards, we provide support services and internal audit capabilities for ISO standards 9001, 27001, and 28001. Reach out if you need more information.